Is tokenization the same as masking?#

No. Masking in the traditional DLP sense is one-way redaction — the value is destroyed and the AI's answer comes back with holes in it. Tokenization is reversible: the original value is kept in a vault inside your environment and restored into the answer before it reaches the user. The provider sees no sensitive value in either case; the difference is whether your users still get a complete, useful answer. See Tokenization vs. Masking.

Is tokenization the same as pseudonymization?#

They live in different vocabularies. Tokenization is a technical method: replacing a value with a typed, reversible token whose mapping is held separately. Pseudonymization is a privacy and legal classification — GDPR Article 4(5) describes data that can no longer be attributed to a person without additional information that is kept separately and protected. Salus's architecture — values replaced before egress, the re-identification mapping held in a separately secured vault under your keys — is designed to support pseudonymization-style controls. See Tokenization vs. Pseudonymization.

Not legal advice. Whether a specific deployment meets the legal definition of pseudonymization, and what that means for your obligations, is a determination for your organization's counsel. Salus provides the technical controls; regulations like GDPR and KVKK are drivers Salus is built to support, not boxes it checks on your behalf.

Is Salus anonymization?#

No. Anonymization is irreversible by definition — once applied, no one can restore the original values, which would leave AI answers permanently incomplete. Salus uses reversible tokenization: the mapping is preserved in a customer-controlled vault, and approved values are restored into the answer inside your perimeter. Restoration is controlled — it requires the vault, your keys, and policy authorization — but it exists by design. See Why Salus Does Not Use Irreversible Anonymization.

Does Salus replace ChatGPT or our existing AI tools?#

No. The Salus Gateway protects the AI applications and agents you already run — ChatGPT, Claude, Gemini, internal tools, and API traffic keep working as before, with tokenization applied in the path. Salus Workspace is an additional first-party client your teams can use, not a replacement requirement. See Gateway vs. Workspace.

Can we use Azure OpenAI, or providers other than OpenAI?#

Yes. Salus is provider-independent: OpenAI, Anthropic Claude, Google Gemini, Azure OpenAI, Mistral, and any OpenAI-compatible endpoint. Provider routing and failover are built in, and the trust model is identical for all of them — every provider receives tokens only.

Does Salus protect images?#

Yes, where visual detection is configured. Salus can analyze scanned documents, screenshots, photos, and images embedded inside PDF and DOCX files before external processing — recognizing embedded text via OCR and detecting governed visual elements. Supported detection classes depend on the configured model and policy. See Visual Detection.

Does Salus detect signatures and faces?#

Supported visual detection classes can include signatures, faces, identity-document regions, stamps, and handwriting where the configured models support them. A detected face or signature is governed like any other data class — masked, blocked, or held for human review, per policy. Class support should be confirmed per deployment rather than assumed universal.

Can AI generate files?#

Yes — the Workspace supports generated files as an output, and restoration is applied before delivery where relevant: if a generated document references tokens, approved values are restored inside your perimeter before the file reaches the user, following the same policy checks as chat responses.

What leaves the customer environment?#

External providers receive tokenized content for detected and governed sensitive values. The vault, the token mapping, the PII detection intelligence, keys, policy decisions, and restoration all remain inside the customer-controlled environment. Audit logs contain tokens and metadata rather than raw values, and export to your SIEM. Your existing egress and DLP controls stay in place — they see tokenized traffic, which makes them a fail-closed backstop rather than an obstacle. The precise wording matters: protection applies to detected, governed values, which is why detection is layered, measured in observe mode, and backed by human review.

What happens if detection misses something?#

What isn't detected isn't protected — that is true of every detection system, and Salus bounds it rather than denying it. The layers: a self-hosted PII model plus deterministic validators for structured identifiers; tunable confidence thresholds per class, with block-on-low-confidence available for high-risk surfaces; human review, where users can manually mark missed items before sending; policy enforcement per data class; and observe-mode measurement of the miss rate on your own traffic, so the number is measured rather than asserted. Every decision is auditable.

What happens if the AI's answer contains tokens?#

That's the normal case, not a failure — the provider writes its answer around the tokens it was given, and the engine restores each one from the vault inside your perimeter before the answer is delivered. If a restore is impossible (for example, the vault is unreachable), the default is to hold the response rather than deliver a token-bearing answer marked for restore: visible degradation, no leak. Failure behavior is configurable per data class, and the defaults are conservative.

How does streaming work?#

The engine sits in the response path and restores tokens inline as the stream arrives, using a small hold-back window — just enough to catch a token split across stream chunks. The stream stays live; users see restored values appear in real time rather than waiting for the full response. See Restore Pipeline.

Can Salus run fully on-premises?#

Yes — the self-hosted components can run entirely on your infrastructure: the engine, the detection models, the vault, keys, logs, and policy, deployed via Kubernetes/Helm, OpenShift, or Docker Compose, with an offline bundle for air-gapped operation and no phone-home. One clarification worth being precise about: when external providers are selected, those providers still write the responses — an on-premises Salus deployment localizes the protection layer, not the external answer model. Fully local answering is a model-selection question, separate from where Salus runs. See Deployment Options.